Security has become increasingly important for computer systems. Enterprises maintain many types of information, such as financial information, confidential business information or personal information concerning customers and employees. For many important business reasons, this information is generally available, at least to some individuals, through an enterprises computer system. However, this information, if accessed and misused by unauthorized parties, can cause significant harm to an enterprise, its employees or customers.
To protect information in an enterprise computing system, many security techniques have been proposed. One such approach is a secure network communication protocol called IPsec. In IPsec, two host devices that are to communicate form a “security association.” The security association is based one or more keys that are exchanged between the hosts using a key exchange protocol. The two hosts can then use the keys to encrypt or authenticate messages passed between them, depending on the level of security desired.
A drawback of using IPsec in a networked setting is that the cryptographic processing needed to encrypt and decrypt or sign and authenticate messages can undesirably load the central processor of a host device. To reduce processor load, network interface chipsets have been developed to offload these cryptographic functions. Such chipsets can store keys for each active security association for which a computer containing the network interface is a host. As information is passed to the network interface for communication using a particular security association, the chipset can encrypt or sign the information using the appropriate keys. Likewise, as a packet associated with a security association is received, the chipset can authenticate or decrypt information in the packet and pass the results of such processing to a network stack for further processing.
While such processing can be useful in some scenarios, existing chipsets are limited in the number of active security associations they can simultaneously maintain. For example, a server in a large enterprise may maintain on the order of 10,000 security associations, but a chipset may be capable of maintaining information to support only on the order of 1,000 security associations.
To expand the number of security associations that can be supported by a chipset for a network interface, it has been proposed to form network “enclaves.” According to this proposal, each enclave may have its own key that is used to generate, in a predictable manner, keys for security associations involving devices in the enclave. The enclave key is used to generate, in a predictable manner, keys for servers within the enclave. From these keys, the servers can then generate keys for security associations as they are formed. When a device sends packets signed or encrypted using a security association key, the device appends information to the packet identifying how the key was derived. Other devices that access the packet can generate, on the fly, the appropriate keys for cryptographic processing of the packet. Because the security association key for any of a number of security associations can be generated from the enclave key, a chipset has access to a large number of security associations, without requiring large amounts of storage. This approach for automatic key generation may be used by devices that are hosts of the security association or intermediary devices that process packets as they pass between hosts, so long as the intermediary device has access to the appropriate enclave key.